A quarter of UK organisations do not have the knowledge to manage virtual security deployments, a study has revealed.
More than half say this is due to a lack of training or funds available to train, according to the study by security firm Trend Micro in collaboration with Vanson Bourne.
But almost two-thirds of the 100 IT decision-makers polled across UK public and private organisations want to see their employers boost investment in training to secure virtual environments.
At an industry level, 57% of UK businesses want to see virtual security guidelines put in place to help organisations understand best practice.
Additionally, over half of UK businesses are seeking more guidance from security suppliers when it comes to securing virtual environments.
When searching for a security solution for their virtual environments, 70% of UK businesses are prioritising cost over effectiveness at detecting and stopping threats
Staff need new skills to secure virtual environments
“Trend research from earlier this year revealed an alarming number of UK businesses are struggling to keep their virtual systems secure, and our latest report finds that a lack of training and education is the main contributor to this issue,” said Michael Darlington, technical director at Trend Micro.
“However, it is promising that security professionals recognise the problem and are demanding investment in up-skilling to better equip them to manage new, complex IT infrastructures,” he said.
Darlington added that ultimately the responsibility lies with organisations to provide their staff with the training and support necessary to ensure business data is safe.
“Without this investment, we will see businesses continue to struggle to secure their virtual networks, leaving themselves open to the risk of cyber attacks,” he said.
The research also revealed that when searching for a security solution for their virtual environments, 70% of UK businesses are prioritising cost over effectiveness at detecting and stopping threats.
Ease of deployment and management is the next priority, with effectiveness at keeping the infrastructure secure coming in at third in the list of priorities.
Lack of clarity over VM security responsibility
Read more on virtualisation security
- UK businesses failing to secure virtual environments, study finds
- Analysis: Businesses are not securing virtual environments. Why?
- Companies fail to secure virtual environments
- Before the virtualisation security sales comes the education
- Kaspersky Lab to talk about cloud computing safety issues at Infosec
- Virtualisation making IT more cost effective
- CA finds virtualisation security fears have substance
- Setting a network security policy for a virtual environment
- Storage for virtual environments
- Network traffic analysis in a virtualized environment
- New VDI malware analysis tool aids virtual desktop security
UK businesses also show a lack of understanding over where the responsibility of the security of their virtual machines (VMs) actually lies.
One in four organisations have their virtual infrastructure hosted in a third-party datacentre, while one in three have it hosted both on-premises and in a datacentre, resulting in a lack of clarity over who is responsible for information security.
While 41% understand that responsibility for securing these virtual machines lies with both the organisation and the datacentre provider, almost a third of respondents believe the responsibility lies solely with the datacentre provider.
“Given that third-party hosting of virtual machines is not a new concept, it is surprising that UK organisations are still unsure over where responsibility lies for managing the security of these devices,” said Darlington.
“We need to look at introducing industry-wide guidelines to provide businesses with clarity here, ensuring that they are working with datacentre managers to protect their virtual assets in the best possible way,” he said.